xz_dec_stream.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838
  1. /*
  2. * .xz Stream decoder
  3. *
  4. * Author: Lasse Collin <lasse.collin@tukaani.org>
  5. *
  6. * This file has been put into the public domain.
  7. * You can do whatever you want with this file.
  8. */
  9. #include "xz_private.h"
  10. #include "xz_stream.h"
  11. /* Hash used to validate the Index field */
  12. struct xz_dec_hash {
  13. vli_type unpadded;
  14. vli_type uncompressed;
  15. uint32_t crc32;
  16. };
  17. struct xz_dec {
  18. /* Position in dec_main() */
  19. enum {
  20. SEQ_STREAM_HEADER,
  21. SEQ_BLOCK_START,
  22. SEQ_BLOCK_HEADER,
  23. SEQ_BLOCK_UNCOMPRESS,
  24. SEQ_BLOCK_PADDING,
  25. SEQ_BLOCK_CHECK,
  26. SEQ_INDEX,
  27. SEQ_INDEX_PADDING,
  28. SEQ_INDEX_CRC32,
  29. SEQ_STREAM_FOOTER
  30. } sequence;
  31. /* Position in variable-length integers and Check fields */
  32. uint32_t pos;
  33. /* Variable-length integer decoded by dec_vli() */
  34. vli_type vli;
  35. /* Saved in_pos and out_pos */
  36. size_t in_start;
  37. size_t out_start;
  38. /* CRC32 value in Block or Index */
  39. uint32_t crc32;
  40. /* Type of the integrity check calculated from uncompressed data */
  41. enum xz_check check_type;
  42. /* Operation mode */
  43. enum xz_mode mode;
  44. /*
  45. * True if the next call to xz_dec_run() is allowed to return
  46. * XZ_BUF_ERROR.
  47. */
  48. bool allow_buf_error;
  49. /* Information stored in Block Header */
  50. struct {
  51. /*
  52. * Value stored in the Compressed Size field, or
  53. * VLI_UNKNOWN if Compressed Size is not present.
  54. */
  55. vli_type compressed;
  56. /*
  57. * Value stored in the Uncompressed Size field, or
  58. * VLI_UNKNOWN if Uncompressed Size is not present.
  59. */
  60. vli_type uncompressed;
  61. /* Size of the Block Header field */
  62. uint32_t size;
  63. } block_header;
  64. /* Information collected when decoding Blocks */
  65. struct {
  66. /* Observed compressed size of the current Block */
  67. vli_type compressed;
  68. /* Observed uncompressed size of the current Block */
  69. vli_type uncompressed;
  70. /* Number of Blocks decoded so far */
  71. vli_type count;
  72. /*
  73. * Hash calculated from the Block sizes. This is used to
  74. * validate the Index field.
  75. */
  76. struct xz_dec_hash hash;
  77. } block;
  78. /* Variables needed when verifying the Index field */
  79. struct {
  80. /* Position in dec_index() */
  81. enum {
  82. SEQ_INDEX_COUNT,
  83. SEQ_INDEX_UNPADDED,
  84. SEQ_INDEX_UNCOMPRESSED
  85. } sequence;
  86. /* Size of the Index in bytes */
  87. vli_type size;
  88. /* Number of Records (matches block.count in valid files) */
  89. vli_type count;
  90. /*
  91. * Hash calculated from the Records (matches block.hash in
  92. * valid files).
  93. */
  94. struct xz_dec_hash hash;
  95. } index;
  96. /*
  97. * Temporary buffer needed to hold Stream Header, Block Header,
  98. * and Stream Footer. The Block Header is the biggest (1 KiB)
  99. * so we reserve space according to that. buf[] has to be aligned
  100. * to a multiple of four bytes; the size_t variables before it
  101. * should guarantee this.
  102. */
  103. struct {
  104. size_t pos;
  105. size_t size;
  106. uint8_t buf[1024];
  107. } temp;
  108. struct xz_dec_lzma2 *lzma2;
  109. #ifdef XZ_DEC_BCJ
  110. struct xz_dec_bcj *bcj;
  111. bool bcj_active;
  112. #endif
  113. };
  114. #ifdef XZ_DEC_ANY_CHECK
  115. /* Sizes of the Check field with different Check IDs */
  116. static const uint8_t check_sizes[16] = {
  117. 0,
  118. 4, 4, 4,
  119. 8, 8, 8,
  120. 16, 16, 16,
  121. 32, 32, 32,
  122. 64, 64, 64
  123. };
  124. #endif
  125. /*
  126. * Fill s->temp by copying data starting from b->in[b->in_pos]. Caller
  127. * must have set s->temp.pos to indicate how much data we are supposed
  128. * to copy into s->temp.buf. Return true once s->temp.pos has reached
  129. * s->temp.size.
  130. */
  131. static bool fill_temp(struct xz_dec *s, struct xz_buf *b)
  132. {
  133. size_t copy_size = min_t(size_t,
  134. b->in_size - b->in_pos, s->temp.size - s->temp.pos);
  135. memcpy(s->temp.buf + s->temp.pos, b->in + b->in_pos, copy_size);
  136. b->in_pos += copy_size;
  137. s->temp.pos += copy_size;
  138. if (s->temp.pos == s->temp.size) {
  139. s->temp.pos = 0;
  140. return true;
  141. }
  142. return false;
  143. }
  144. /* Decode a variable-length integer (little-endian base-128 encoding) */
  145. static enum xz_ret dec_vli(struct xz_dec *s, const uint8_t *in,
  146. size_t *in_pos, size_t in_size)
  147. {
  148. uint8_t byte;
  149. if (s->pos == 0)
  150. s->vli = 0;
  151. while (*in_pos < in_size) {
  152. byte = in[*in_pos];
  153. ++*in_pos;
  154. s->vli |= (vli_type)(byte & 0x7F) << s->pos;
  155. if ((byte & 0x80) == 0) {
  156. /* Don't allow non-minimal encodings. */
  157. if (byte == 0 && s->pos != 0)
  158. return XZ_DATA_ERROR;
  159. s->pos = 0;
  160. return XZ_STREAM_END;
  161. }
  162. s->pos += 7;
  163. if (s->pos == 7 * VLI_BYTES_MAX)
  164. return XZ_DATA_ERROR;
  165. }
  166. return XZ_OK;
  167. }
  168. /*
  169. * Decode the Compressed Data field from a Block. Update and validate
  170. * the observed compressed and uncompressed sizes of the Block so that
  171. * they don't exceed the values possibly stored in the Block Header
  172. * (validation assumes that no integer overflow occurs, since vli_type
  173. * is normally uint64_t). Update the CRC32 if presence of the CRC32
  174. * field was indicated in Stream Header.
  175. *
  176. * Once the decoding is finished, validate that the observed sizes match
  177. * the sizes possibly stored in the Block Header. Update the hash and
  178. * Block count, which are later used to validate the Index field.
  179. */
  180. static enum xz_ret dec_block(struct xz_dec *s, struct xz_buf *b)
  181. {
  182. enum xz_ret ret;
  183. s->in_start = b->in_pos;
  184. s->out_start = b->out_pos;
  185. #ifdef XZ_DEC_BCJ
  186. if (s->bcj_active)
  187. ret = xz_dec_bcj_run(s->bcj, s->lzma2, b);
  188. else
  189. #endif
  190. ret = xz_dec_lzma2_run(s->lzma2, b);
  191. s->block.compressed += b->in_pos - s->in_start;
  192. s->block.uncompressed += b->out_pos - s->out_start;
  193. /*
  194. * There is no need to separately check for VLI_UNKNOWN, since
  195. * the observed sizes are always smaller than VLI_UNKNOWN.
  196. */
  197. if (s->block.compressed > s->block_header.compressed
  198. || s->block.uncompressed
  199. > s->block_header.uncompressed)
  200. return XZ_DATA_ERROR;
  201. if (s->check_type == XZ_CHECK_CRC32)
  202. s->crc32 = xz_crc32(b->out + s->out_start,
  203. b->out_pos - s->out_start, s->crc32);
  204. if (ret == XZ_STREAM_END) {
  205. if (s->block_header.compressed != VLI_UNKNOWN
  206. && s->block_header.compressed
  207. != s->block.compressed)
  208. return XZ_DATA_ERROR;
  209. if (s->block_header.uncompressed != VLI_UNKNOWN
  210. && s->block_header.uncompressed
  211. != s->block.uncompressed)
  212. return XZ_DATA_ERROR;
  213. s->block.hash.unpadded += s->block_header.size
  214. + s->block.compressed;
  215. #ifdef XZ_DEC_ANY_CHECK
  216. s->block.hash.unpadded += check_sizes[s->check_type];
  217. #else
  218. if (s->check_type == XZ_CHECK_CRC32)
  219. s->block.hash.unpadded += 4;
  220. #endif
  221. s->block.hash.uncompressed += s->block.uncompressed;
  222. s->block.hash.crc32 = xz_crc32(
  223. (const uint8_t *)&s->block.hash,
  224. sizeof(s->block.hash), s->block.hash.crc32);
  225. ++s->block.count;
  226. }
  227. return ret;
  228. }
  229. /* Update the Index size and the CRC32 value. */
  230. static void index_update(struct xz_dec *s, const struct xz_buf *b)
  231. {
  232. size_t in_used = b->in_pos - s->in_start;
  233. s->index.size += in_used;
  234. s->crc32 = xz_crc32(b->in + s->in_start, in_used, s->crc32);
  235. }
  236. /*
  237. * Decode the Number of Records, Unpadded Size, and Uncompressed Size
  238. * fields from the Index field. That is, Index Padding and CRC32 are not
  239. * decoded by this function.
  240. *
  241. * This can return XZ_OK (more input needed), XZ_STREAM_END (everything
  242. * successfully decoded), or XZ_DATA_ERROR (input is corrupt).
  243. */
  244. static enum xz_ret dec_index(struct xz_dec *s, struct xz_buf *b)
  245. {
  246. enum xz_ret ret;
  247. do {
  248. ret = dec_vli(s, b->in, &b->in_pos, b->in_size);
  249. if (ret != XZ_STREAM_END) {
  250. index_update(s, b);
  251. return ret;
  252. }
  253. switch (s->index.sequence) {
  254. case SEQ_INDEX_COUNT:
  255. s->index.count = s->vli;
  256. /*
  257. * Validate that the Number of Records field
  258. * indicates the same number of Records as
  259. * there were Blocks in the Stream.
  260. */
  261. if (s->index.count != s->block.count)
  262. return XZ_DATA_ERROR;
  263. s->index.sequence = SEQ_INDEX_UNPADDED;
  264. break;
  265. case SEQ_INDEX_UNPADDED:
  266. s->index.hash.unpadded += s->vli;
  267. s->index.sequence = SEQ_INDEX_UNCOMPRESSED;
  268. break;
  269. case SEQ_INDEX_UNCOMPRESSED:
  270. s->index.hash.uncompressed += s->vli;
  271. s->index.hash.crc32 = xz_crc32(
  272. (const uint8_t *)&s->index.hash,
  273. sizeof(s->index.hash),
  274. s->index.hash.crc32);
  275. --s->index.count;
  276. s->index.sequence = SEQ_INDEX_UNPADDED;
  277. break;
  278. }
  279. } while (s->index.count > 0);
  280. return XZ_STREAM_END;
  281. }
  282. /*
  283. * Validate that the next four input bytes match the value of s->crc32.
  284. * s->pos must be zero when starting to validate the first byte.
  285. */
  286. static enum xz_ret crc32_validate(struct xz_dec *s, struct xz_buf *b)
  287. {
  288. do {
  289. if (b->in_pos == b->in_size)
  290. return XZ_OK;
  291. if (((s->crc32 >> s->pos) & 0xFF) != b->in[b->in_pos++])
  292. return XZ_DATA_ERROR;
  293. s->pos += 8;
  294. } while (s->pos < 32);
  295. s->crc32 = 0;
  296. s->pos = 0;
  297. return XZ_STREAM_END;
  298. }
  299. #ifdef XZ_DEC_ANY_CHECK
  300. /*
  301. * Skip over the Check field when the Check ID is not supported.
  302. * Returns true once the whole Check field has been skipped over.
  303. */
  304. static bool check_skip(struct xz_dec *s, struct xz_buf *b)
  305. {
  306. while (s->pos < check_sizes[s->check_type]) {
  307. if (b->in_pos == b->in_size)
  308. return false;
  309. ++b->in_pos;
  310. ++s->pos;
  311. }
  312. s->pos = 0;
  313. return true;
  314. }
  315. #endif
  316. /* Decode the Stream Header field (the first 12 bytes of the .xz Stream). */
  317. static enum xz_ret dec_stream_header(struct xz_dec *s)
  318. {
  319. if (!memeq(s->temp.buf, HEADER_MAGIC, HEADER_MAGIC_SIZE))
  320. return XZ_FORMAT_ERROR;
  321. if (xz_crc32(s->temp.buf + HEADER_MAGIC_SIZE, 2, 0)
  322. != get_le32(s->temp.buf + HEADER_MAGIC_SIZE + 2))
  323. return XZ_DATA_ERROR;
  324. if (s->temp.buf[HEADER_MAGIC_SIZE] != 0)
  325. return XZ_OPTIONS_ERROR;
  326. /*
  327. * Of integrity checks, we support only none (Check ID = 0) and
  328. * CRC32 (Check ID = 1). However, if XZ_DEC_ANY_CHECK is defined,
  329. * we will accept other check types too, but then the check won't
  330. * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
  331. */
  332. if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
  333. return XZ_OPTIONS_ERROR;
  334. s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
  335. #ifdef XZ_DEC_ANY_CHECK
  336. if (s->check_type > XZ_CHECK_CRC32)
  337. return XZ_UNSUPPORTED_CHECK;
  338. #else
  339. if (s->check_type > XZ_CHECK_CRC32)
  340. return XZ_OPTIONS_ERROR;
  341. #endif
  342. return XZ_OK;
  343. }
  344. /* Decode the Stream Footer field (the last 12 bytes of the .xz Stream) */
  345. static enum xz_ret dec_stream_footer(struct xz_dec *s)
  346. {
  347. if (!memeq(s->temp.buf + 10, FOOTER_MAGIC, FOOTER_MAGIC_SIZE))
  348. return XZ_DATA_ERROR;
  349. if (xz_crc32(s->temp.buf + 4, 6, 0) != get_le32(s->temp.buf))
  350. return XZ_DATA_ERROR;
  351. /*
  352. * Validate Backward Size. Note that we never added the size of the
  353. * Index CRC32 field to s->index.size, thus we use s->index.size / 4
  354. * instead of s->index.size / 4 - 1.
  355. */
  356. if ((s->index.size >> 2) != get_le32(s->temp.buf + 4))
  357. return XZ_DATA_ERROR;
  358. if (s->temp.buf[8] != 0 || s->temp.buf[9] != s->check_type)
  359. return XZ_DATA_ERROR;
  360. /*
  361. * Use XZ_STREAM_END instead of XZ_OK to be more convenient
  362. * for the caller.
  363. */
  364. return XZ_STREAM_END;
  365. }
  366. /* Decode the Block Header and initialize the filter chain. */
  367. static enum xz_ret dec_block_header(struct xz_dec *s)
  368. {
  369. enum xz_ret ret;
  370. /*
  371. * Validate the CRC32. We know that the temp buffer is at least
  372. * eight bytes so this is safe.
  373. */
  374. s->temp.size -= 4;
  375. if (xz_crc32(s->temp.buf, s->temp.size, 0)
  376. != get_le32(s->temp.buf + s->temp.size))
  377. return XZ_DATA_ERROR;
  378. s->temp.pos = 2;
  379. /*
  380. * Catch unsupported Block Flags. We support only one or two filters
  381. * in the chain, so we catch that with the same test.
  382. */
  383. #ifdef XZ_DEC_BCJ
  384. if (s->temp.buf[1] & 0x3E)
  385. #else
  386. if (s->temp.buf[1] & 0x3F)
  387. #endif
  388. return XZ_OPTIONS_ERROR;
  389. /* Compressed Size */
  390. if (s->temp.buf[1] & 0x40) {
  391. if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
  392. != XZ_STREAM_END)
  393. return XZ_DATA_ERROR;
  394. s->block_header.compressed = s->vli;
  395. } else {
  396. s->block_header.compressed = VLI_UNKNOWN;
  397. }
  398. /* Uncompressed Size */
  399. if (s->temp.buf[1] & 0x80) {
  400. if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
  401. != XZ_STREAM_END)
  402. return XZ_DATA_ERROR;
  403. s->block_header.uncompressed = s->vli;
  404. } else {
  405. s->block_header.uncompressed = VLI_UNKNOWN;
  406. }
  407. #ifdef XZ_DEC_BCJ
  408. /* If there are two filters, the first one must be a BCJ filter. */
  409. s->bcj_active = s->temp.buf[1] & 0x01;
  410. if (s->bcj_active) {
  411. if (s->temp.size - s->temp.pos < 2)
  412. return XZ_OPTIONS_ERROR;
  413. ret = xz_dec_bcj_reset(s->bcj, s->temp.buf[s->temp.pos++]);
  414. if (ret != XZ_OK)
  415. return ret;
  416. /*
  417. * We don't support custom start offset,
  418. * so Size of Properties must be zero.
  419. */
  420. if (s->temp.buf[s->temp.pos++] != 0x00)
  421. return XZ_OPTIONS_ERROR;
  422. }
  423. #endif
  424. /* Valid Filter Flags always take at least two bytes. */
  425. if (s->temp.size - s->temp.pos < 2)
  426. return XZ_DATA_ERROR;
  427. /* Filter ID = LZMA2 */
  428. if (s->temp.buf[s->temp.pos++] != 0x21)
  429. return XZ_OPTIONS_ERROR;
  430. /* Size of Properties = 1-byte Filter Properties */
  431. if (s->temp.buf[s->temp.pos++] != 0x01)
  432. return XZ_OPTIONS_ERROR;
  433. /* Filter Properties contains LZMA2 dictionary size. */
  434. if (s->temp.size - s->temp.pos < 1)
  435. return XZ_DATA_ERROR;
  436. ret = xz_dec_lzma2_reset(s->lzma2, s->temp.buf[s->temp.pos++]);
  437. if (ret != XZ_OK)
  438. return ret;
  439. /* The rest must be Header Padding. */
  440. while (s->temp.pos < s->temp.size)
  441. if (s->temp.buf[s->temp.pos++] != 0x00)
  442. return XZ_OPTIONS_ERROR;
  443. s->temp.pos = 0;
  444. s->block.compressed = 0;
  445. s->block.uncompressed = 0;
  446. return XZ_OK;
  447. }
  448. static enum xz_ret dec_main(struct xz_dec *s, struct xz_buf *b)
  449. {
  450. enum xz_ret ret;
  451. /*
  452. * Store the start position for the case when we are in the middle
  453. * of the Index field.
  454. */
  455. s->in_start = b->in_pos;
  456. while (true) {
  457. switch (s->sequence) {
  458. case SEQ_STREAM_HEADER:
  459. /*
  460. * Stream Header is copied to s->temp, and then
  461. * decoded from there. This way if the caller
  462. * gives us only little input at a time, we can
  463. * still keep the Stream Header decoding code
  464. * simple. Similar approach is used in many places
  465. * in this file.
  466. */
  467. if (!fill_temp(s, b))
  468. return XZ_OK;
  469. /*
  470. * If dec_stream_header() returns
  471. * XZ_UNSUPPORTED_CHECK, it is still possible
  472. * to continue decoding if working in multi-call
  473. * mode. Thus, update s->sequence before calling
  474. * dec_stream_header().
  475. */
  476. s->sequence = SEQ_BLOCK_START;
  477. ret = dec_stream_header(s);
  478. if (ret != XZ_OK)
  479. return ret;
  480. /* Fall through */
  481. case SEQ_BLOCK_START:
  482. /* We need one byte of input to continue. */
  483. if (b->in_pos == b->in_size)
  484. return XZ_OK;
  485. /* See if this is the beginning of the Index field. */
  486. if (b->in[b->in_pos] == 0) {
  487. s->in_start = b->in_pos++;
  488. s->sequence = SEQ_INDEX;
  489. break;
  490. }
  491. /*
  492. * Calculate the size of the Block Header and
  493. * prepare to decode it.
  494. */
  495. s->block_header.size
  496. = ((uint32_t)b->in[b->in_pos] + 1) * 4;
  497. s->temp.size = s->block_header.size;
  498. s->temp.pos = 0;
  499. s->sequence = SEQ_BLOCK_HEADER;
  500. /* Fall through */
  501. case SEQ_BLOCK_HEADER:
  502. if (!fill_temp(s, b))
  503. return XZ_OK;
  504. ret = dec_block_header(s);
  505. if (ret != XZ_OK)
  506. return ret;
  507. s->sequence = SEQ_BLOCK_UNCOMPRESS;
  508. /* Fall through */
  509. case SEQ_BLOCK_UNCOMPRESS:
  510. ret = dec_block(s, b);
  511. if (ret != XZ_STREAM_END)
  512. return ret;
  513. s->sequence = SEQ_BLOCK_PADDING;
  514. /* Fall through */
  515. case SEQ_BLOCK_PADDING:
  516. /*
  517. * Size of Compressed Data + Block Padding
  518. * must be a multiple of four. We don't need
  519. * s->block.compressed for anything else
  520. * anymore, so we use it here to test the size
  521. * of the Block Padding field.
  522. */
  523. while (s->block.compressed & 3) {
  524. if (b->in_pos == b->in_size)
  525. return XZ_OK;
  526. if (b->in[b->in_pos++] != 0)
  527. return XZ_DATA_ERROR;
  528. ++s->block.compressed;
  529. }
  530. s->sequence = SEQ_BLOCK_CHECK;
  531. /* Fall through */
  532. case SEQ_BLOCK_CHECK:
  533. if (s->check_type == XZ_CHECK_CRC32) {
  534. ret = crc32_validate(s, b);
  535. if (ret != XZ_STREAM_END)
  536. return ret;
  537. }
  538. #ifdef XZ_DEC_ANY_CHECK
  539. else if (!check_skip(s, b)) {
  540. return XZ_OK;
  541. }
  542. #endif
  543. s->sequence = SEQ_BLOCK_START;
  544. break;
  545. case SEQ_INDEX:
  546. ret = dec_index(s, b);
  547. if (ret != XZ_STREAM_END)
  548. return ret;
  549. s->sequence = SEQ_INDEX_PADDING;
  550. /* Fall through */
  551. case SEQ_INDEX_PADDING:
  552. while ((s->index.size + (b->in_pos - s->in_start))
  553. & 3) {
  554. if (b->in_pos == b->in_size) {
  555. index_update(s, b);
  556. return XZ_OK;
  557. }
  558. if (b->in[b->in_pos++] != 0)
  559. return XZ_DATA_ERROR;
  560. }
  561. /* Finish the CRC32 value and Index size. */
  562. index_update(s, b);
  563. /* Compare the hashes to validate the Index field. */
  564. if (!memeq(&s->block.hash, &s->index.hash,
  565. sizeof(s->block.hash)))
  566. return XZ_DATA_ERROR;
  567. s->sequence = SEQ_INDEX_CRC32;
  568. /* Fall through */
  569. case SEQ_INDEX_CRC32:
  570. ret = crc32_validate(s, b);
  571. if (ret != XZ_STREAM_END)
  572. return ret;
  573. s->temp.size = STREAM_HEADER_SIZE;
  574. s->sequence = SEQ_STREAM_FOOTER;
  575. /* Fall through */
  576. case SEQ_STREAM_FOOTER:
  577. if (!fill_temp(s, b))
  578. return XZ_OK;
  579. return dec_stream_footer(s);
  580. }
  581. }
  582. /* Never reached */
  583. }
  584. /*
  585. * xz_dec_run() is a wrapper for dec_main() to handle some special cases in
  586. * multi-call and single-call decoding.
  587. *
  588. * In multi-call mode, we must return XZ_BUF_ERROR when it seems clear that we
  589. * are not going to make any progress anymore. This is to prevent the caller
  590. * from calling us infinitely when the input file is truncated or otherwise
  591. * corrupt. Since zlib-style API allows that the caller fills the input buffer
  592. * only when the decoder doesn't produce any new output, we have to be careful
  593. * to avoid returning XZ_BUF_ERROR too easily: XZ_BUF_ERROR is returned only
  594. * after the second consecutive call to xz_dec_run() that makes no progress.
  595. *
  596. * In single-call mode, if we couldn't decode everything and no error
  597. * occurred, either the input is truncated or the output buffer is too small.
  598. * Since we know that the last input byte never produces any output, we know
  599. * that if all the input was consumed and decoding wasn't finished, the file
  600. * must be corrupt. Otherwise the output buffer has to be too small or the
  601. * file is corrupt in a way that decoding it produces too big output.
  602. *
  603. * If single-call decoding fails, we reset b->in_pos and b->out_pos back to
  604. * their original values. This is because with some filter chains there won't
  605. * be any valid uncompressed data in the output buffer unless the decoding
  606. * actually succeeds (that's the price to pay of using the output buffer as
  607. * the workspace).
  608. */
  609. XZ_EXTERN enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b)
  610. {
  611. size_t in_start;
  612. size_t out_start;
  613. enum xz_ret ret;
  614. if (DEC_IS_SINGLE(s->mode))
  615. xz_dec_reset(s);
  616. in_start = b->in_pos;
  617. out_start = b->out_pos;
  618. ret = dec_main(s, b);
  619. if (DEC_IS_SINGLE(s->mode)) {
  620. if (ret == XZ_OK)
  621. ret = b->in_pos == b->in_size
  622. ? XZ_DATA_ERROR : XZ_BUF_ERROR;
  623. if (ret != XZ_STREAM_END) {
  624. b->in_pos = in_start;
  625. b->out_pos = out_start;
  626. }
  627. } else if (ret == XZ_OK && in_start == b->in_pos
  628. && out_start == b->out_pos) {
  629. if (s->allow_buf_error)
  630. ret = XZ_BUF_ERROR;
  631. s->allow_buf_error = true;
  632. } else {
  633. s->allow_buf_error = false;
  634. }
  635. return ret;
  636. }
  637. XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max)
  638. {
  639. struct xz_dec *s = kmalloc(sizeof(*s), GFP_KERNEL);
  640. if (s == NULL)
  641. return NULL;
  642. s->mode = mode;
  643. #ifdef XZ_DEC_BCJ
  644. s->bcj = xz_dec_bcj_create(DEC_IS_SINGLE(mode));
  645. if (s->bcj == NULL)
  646. goto error_bcj;
  647. #endif
  648. s->lzma2 = xz_dec_lzma2_create(mode, dict_max);
  649. if (s->lzma2 == NULL)
  650. goto error_lzma2;
  651. xz_dec_reset(s);
  652. return s;
  653. error_lzma2:
  654. #ifdef XZ_DEC_BCJ
  655. xz_dec_bcj_end(s->bcj);
  656. error_bcj:
  657. #endif
  658. kfree(s);
  659. return NULL;
  660. }
  661. XZ_EXTERN void xz_dec_reset(struct xz_dec *s)
  662. {
  663. s->sequence = SEQ_STREAM_HEADER;
  664. s->allow_buf_error = false;
  665. s->pos = 0;
  666. s->crc32 = 0;
  667. memzero(&s->block, sizeof(s->block));
  668. memzero(&s->index, sizeof(s->index));
  669. s->temp.pos = 0;
  670. s->temp.size = STREAM_HEADER_SIZE;
  671. }
  672. XZ_EXTERN void xz_dec_end(struct xz_dec *s)
  673. {
  674. if (s != NULL) {
  675. xz_dec_lzma2_end(s->lzma2);
  676. #ifdef XZ_DEC_BCJ
  677. xz_dec_bcj_end(s->bcj);
  678. #endif
  679. kfree(s);
  680. }
  681. }